Improvement and Application of Peach in Vulnerability Discovery for Industrial Control Systems
Published: 2019-02-24 13:05
[Abstract]: Industrial control systems (ICS) are now used in almost every industrial sector and in critical infrastructure, so their security has a major bearing on the normal operation of the national economy and on national security. Detecting and discovering possible 0-day vulnerabilities in industrial control systems helps vendors fix device security problems in advance and minimises losses to industrial production. Vulnerability discovery by fuzz testing is widely adopted in industry, and fuzzing is an important safeguard for network security and for the security of software and devices. This thesis studies how the Peach fuzz-testing framework can be applied to vulnerability discovery in industrial control systems and extends Peach so that it can test Ethernet-layer protocols such as PROFINET-DCP; to save the considerable manpower and time that locating a vulnerability during testing otherwise requires, an algorithm for vulnerability localisation and rapid reproduction is proposed. The improvements to Peach for ICS vulnerability discovery are as follows: the protocol structures of three common industrial control protocols, Modbus/TCP, EtherNet/IP and PROFINET-DCP, are analysed in detail, and 23 Pit File test scripts are written from that analysis for Peach to use in fuzzing; by incorporating the SharpPcap framework, a PROFINET Publisher module is written as an extension so that Peach supports testing PROFINET-DCP; using the extended Peach framework and the 1305204 test cases generated from these scripts, devices from three leading international ICS vendors are tested, and denial-of-service and buffer vulnerabilities are found; and, because locating vulnerabilities consumed a great deal of manpower and time during the experiments, the vulnerability localisation and rapid reproduction algorithm is proposed to optimise that process, greatly improving testing efficiency.
Degree-granting institution: Beijing University of Posts and Telecommunications
Degree level: Master
Year of degree: 2016
Classification number: TP273;TP309
Article ID: 2429580
Link to this article: https://www.wllwen.com/kejilunwen/ruanjiangongchenglunwen/2429580.html